Active Directory

  1. ADFS + Azure SQL Managed Instances Supportability

    Add supportability for extending AD FS in Azure using Azure SQL Managed Instance to host the database.

    12 votes
    0 comments  ·  ADFS
  5. Add Alert before Token Signing and Token Decryption auto renewed

    My customer experienced several outages while the ADFS Token Signing and Token Decryption certificates were automatically renewing. Thus, they really hope that the Microsoft PG can add alert functionality: if AutoCertificateRollover is true, when those two certificates are issued automatically by the system and before they are promoted to Primary Certificates, it will send alerts.

    3 votes
    1 comment  ·  ADFS
  6. Have ADFS display 'last login' information when users log in using FBA

    When logging in through ADFS forms-based authentication, the user is only prompted to enter their credentials; they aren't given any way to know when the last time they did so was. Many web sites offer this feature to allow a user to know when, from where, and from which device they last logged in so they can report any anomalies to the powers that be. ADFS should have such a feature.

    1 vote
    0 comments  ·  ADFS
  7. Remove 'This will clear your current search result' in Find ...

    When we type in a computer in the search field, in 'Active Directory Users and Computers' Find ..., and forget to change to 'computer', then when we change it to computer it will clear the name box, with the message 'This will clear your current search result'. Why? This has been bugging me for many, many years... so this is my user-voice :-)

    I would like this behavior to change. Maybe just not to clear the box, and say nothing, and just change to computer.

    Or there could be an option, to have the search field be custom and remember…

    32 votes
    4 comments  ·  Management Tools
  8. LAPS - Add Cmdlets to remove permissions

    Add a CMDLET to Remove LAPS Password reset and read permissions. Currently there is only a cmdlet to add permission, but not to clean up.

    8 votes
    0 comments  ·  Logon, Passwords
  9. Append option in Group Policy

    In Group Policy today we have "Import Settings" and "Restore From Backup" kinds of options, both of which completely replace the GPO settings.
    It would be good to provide an "Append/Replace" option when we select "Import Settings", so that when there is a requirement of clubbing GPOs, it would be very useful to make one GPO from many GPOs if we have the Append option.
    Otherwise it would be difficult for administration if we go on adding settings one by one.

    2 votes
    0 comments
  10. Allow AD FS to fall back to Forms-based authentication if Windows Integrated Authentication fails

    Currently, if a browser-based user comes to the AD FS sign-in page, AD FS can only decide whether to use integrated authentication by looking at the browser's user agent string. However, t

    There are cases where not all users arriving at the AD FS sign-in page can perform a Kerberos login - they might be within the IP range of the "internal" part of AD FS (in a split-brain DNS configuration) but the client may not be domain joined for various reasons, for example wireless users using BYOD. For these users Kerberos fails and it falls back to NTLM/Basic auth…

    60 votes
    4 comments  ·  ADFS
  11. Publish activedirectory module to PSGallery

    The active directory module is really useful, but a pain to install on a server/computer.
    Current install instructions are these: https://blogs.technet.microsoft.com/ashleymcglone/2016/02/26/install-the-active-directory-powershell-module-on-windows-10/

    I would love the possibility to just do:
    Install-Module "ActiveDirectory" and have everything good to go.

    16 votes
    2 comments  ·  Management Tools
  12. Replace ADCS NDES Role Service and Intune NDES Connector with ADCS Issuing CA Intune Connector software

    Replace ADCS NDES Role Service and Intune NDES Connector with ADCS Issuing CA Intune Connector software. Seems an easier solution than having a separate server for NDES and needing to publish the NDES endpoint to the web, just to issue certs to the devices managed by Intune.

    4 votes
    0 comments
  13. Update Active Directory Password policies to align with new NIST guidelines

    Now that the new NIST 800-63B guidelines are coming together, can Active Directory be updated to follow some of the guidance in here? Specifically allowing for blacklists of breached or otherwise bad passwords, potentially allowing for a salt to be added to AD password hashes, and rate throttling instead of just account lockout?

    https://pages.nist.gov/800-63-3/sp800-63b.html

    49 votes
    3 comments  ·  Logon, Passwords
  14. GPO: turn off microsoft consumer features all sku

    Please make the GPO object for "Turn off Microsoft consumer features" work on all skus, not just Enterprise and Education. I am in education but we have been buying Pro skus as we did not know about this garbage limitation which makes no sense. Removing the XBOX app and other preloaded nonsense is necessary no matter the sku. If it can join a domain this should just work. Yes, there are scripts to do this, but given it's supported in "some" skus this should not be necessary.

    Tom

    7 votes
    0 comments  ·  Bug
  15. AD FS support for inline registration for Azure MFA

    It would improve the user experience a lot if AD FS supported inline user provisioning for Azure MFA. It is so inconvenient that users have to do this separately, and not in the app.
    E.g. Microsoft Intune has this integrated in the provisioning process.

    Also, the error message for users who are not provisioned is too general and not informative at all.

    More info in paragraph "Registering users for Azure MFA with AD FS 2016"
    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa

    5 votes
    1 comment  ·  ADFS
  16. BUG: Active Directory Users and Computers - using the search will not open the full properties

    Active Directory Users and Computers - using the search will not open the full properties.

    How to reproduce:
    If you search for an object in ADUC and select properties of the object (e.g. User account), some tabs will be missing, e.g. the tab where you see all AD properties. This can only be reached by navigating to the object in the OU and right click > properties.

    It's an unnecessary shortcoming for long imho. I am aware that MS would like to dump ADUC for the sake of the new PS based console but still in some cases both…

    21 votes
    0 comments  ·  Management Tools
  17. Provide a method for merging/splitting Group Policy Objects including GPP

    Provide a tool/method for merging/splitting Group Policy Objects including GPP. Integrate AGPM into group policy management console fully and use same backup and restore format for GPOs.
    Integrate Microsoft Security Compliance Manager/ the new Policy Analyzer functionality into group policy management console.

    I want to be able to apply the latest security baselines and split and merge GPOs all in one console.

    Provide PowerShell cmdlets for merging and splitting of GPOs including GPP.

    3 votes
    0 comments  ·  Management Tools
  18. ADFS and Claims Rule Language Reference

    We need a comprehensive syntax and semantics reference for Claims Rule Language. I know there are operators besides == ~= EXIST and such, which are not covered here, and this link is by far the most comprehensive one available:
    http://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx

    6 votes
    0 comments  ·  ADFS
  19. Open Source the ActiveDirectory PowerShell Module

    Please consider open sourcing the ActiveDirectory PowerShell Module. While regarded as feature complete internally at MSFT, there is still much work that can be done to offer PowerShell users of all skill levels a more consistent experience by ensuring all Cmdlets in the ActiveDirectory Module accept pipeline input and parameter binding by property name and value. There is also tremendous value in providing PowerShell users with Cmdlets to determine which attributes in the Active Directory schema have been indexed as well as Cmdlets to extend the schema with the addition of other attributes.

    146 votes
    8 comments
  20. BUG: 2016 server allows you to create machines with same name

    I added a 2016DC to my 2012 and 2012r2 DCs a couple weeks ago.

    Today I added a new PC into the network.

    The problem is I used the same name as a PC already on the network (shouldn't be an issue; Windows always catches this and doesn't allow it).

    AD didn't catch this and actually updated the original PC in AD and did not add a second PC or warn that the name was already in use. If I look at the modified date of the original PC in AD it shows it was modified at the same time…

    3 votes
    4 comments  ·  Domain join